Centos, Kolab and php-fpm

If you want to simultaneously use other PHP-versions or simply like to have the additional performance and manageability FastCGI Process Manager (PHP FPM) is the way to go. Basic receipt is:

yum install php-fpm
; Edit /etc/php-fpm.d/www.conf Listen-Port to 9054
systemctl enable php-fpm
systemctl start php-fpm
rm /etc/httpd/conf.modules.d/10-php.conf
; Edit in /etc/httpd/conf.d/ the websites you want to use PHP 5.4 FPM
        <FilesMatch \.php$>
            SetHandler "proxy:fcgi://127.0.0.1:9054"
        </FilesMatch>
apachectl graceful

Generally php-directives in conf and .htaccess-files don’t work with FPM. If you get errors on restarting httpd you have to remove those statements and either try to live without them or add .user.ini-files, add it to the global settings or use SetEnv-statements.
Kolab is tied to PHP 5.4 on Centos 7 and also needs some tweaking to work with FPM.

First you have to add  DirectoryIndex index.php to some of the Websites in /etc/httpd/conf.d/ as well as the aformentioned  SetHandler "proxy:fcgi://127.0.0.1:9054" . What else is missing PHP FPM does not forward Basic Authentication. Add

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

to kolab_syncroton.conf, iRony.conf and chwala.conf to make ActiveSync and Roundcube Files work again.

Side note: Apache 2.4.27 will either support HTTP/2 or mod_php (because prefork is needed for mod_php but disallows HTTP/2), you can’t have both. So to have HTTP/2 you have to use PHP FPM. mod_nss did not work for me for HTTP/2, only mod_ssl.

Update 2017-10-11: Kolab Syncroton  / ActiveSync employs a clever trick: When the Clients POSTs a SYNC command to get updates if any exist, the Server delays the answer if not up to 15 minutes. This is to save energy on the client. But with PHP FPM we need to set the Apache TimeOut to at least 960 seconds (and if you enable “slow logging” that timeout as well). This is no elegant solution as it is “a global solution to a local problem”, I will look into this.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s